SHA-1 produces a fixed 160-bit digest (40 hex characters) from any input. It is a one-way cryptographic hash — the same input always yields the same output.

SHA-1 is broken (collisions practical since 2017). SHA-256 / SHA-384 / SHA-512 remain secure for general cryptographic use as of 2026.

Can SHA-1 be reversed?

No. Hash functions are one-way. Short or common inputs may be looked up in rainbow tables, but there is no general decryption.

100% browser-based · 160-bit digest · Web Crypto

SHA -1

Generate a SHA-1 hash from any text in your browser. Produces a 160-bit digest as 40 hex characters using the browser native crypto.subtle API. Note: SHA-1 is broken for security uses.

Plain text

SHA-1 digest

Hash options

Letter case

Hash each line separatelyProduce one hash per non-empty line Auto-hashRe-run on every input change

Multi-algorithm checksum

Input size

0 B

Digest size

0 B

Length

—

Status

Ready

Example

Text in, SHA-1 out

Every input maps to a fixed 160-bit digest (40 hex characters). Changing one byte randomises the entire output.

Plain text

Hello, world!

SHA-1 (hex)

943a702d06f34599aee1f8da8ef9f7296031d699

Use cases

What you will use SHA-1 for

SHA-1 fingerprints data so you can detect changes, verify integrity, and build authenticated protocols.

Security audits

Verify that a file you downloaded matches the official checksum.

API authentication

Many APIs sign requests with SHA-1 or HMAC-SHA-1.

File integrity

Detect corruption or tampering across storage and transport.

Tokens & IDs

Build deterministic IDs from input data using SHA-1.

Step by step

How to generate a SHA-1 hash

Paste your text

Drop any text — UTF-8 is handled automatically.

Set options

Pick lowercase or uppercase.

Click Generate

Or leave auto-hash on for live updates.

Copy or download

Grab the 40-char hex digest.

FAQ

Frequently asked questions

How does SHA-1 work?

SHA-1 processes input through the Merkle-Damgård construction, producing a fixed 160-bit digest. It is deterministic and one-way.

Is SHA-1 secure?

SHA-1 collisions were demonstrated (SHAttered, 2017). It is unsafe for signatures and certificates but still used in legacy systems.

Can I reverse a SHA-1 hash?

No — hashes are one-way. Short or common inputs may be found in rainbow tables, but there is no general decryption.

Why does my hash differ from another tool?

Usually whitespace, trailing newlines, or line endings (LF vs CRLF). Also confirm both tools UTF-8 encode the input.

Is it free?

Yes. No signup, no limits, no ads. Everything runs entirely in your browser.

About

About SHA-1 hashing

SHA-1 is a cryptographic hash function in the SHA-2 family standardised by NIST in FIPS 180-4. It compresses arbitrary input into a fixed 160-bit digest.

Properties

Deterministic — same input always produces the same digest.
Fixed-size output — 160 bits / 40 hex characters.
Avalanche — changing one input bit randomises about half the output bits.
Hardware-accelerated in modern browsers via the Web Crypto API.

When to use which

SHA-256 — the default for most modern protocols (TLS, JWT, Bitcoin).
SHA-384 / SHA-512 — when you want a longer digest or run on 64-bit-heavy hardware.
HMAC-SHA-* — for authenticated messages with a shared secret key.